13-15 May 2025, Podgorica, Montenegro

The training marks the third cycle of a successful ToT programme in cyber hygiene, designed not only to deepen participants’ knowledge of cybersecurity principles but also to equip them with the skills needed to train others in their respective institutions. In this way, the training aims to empower a network of trainers across the Western Balkans who can promote safer practices, raise awareness, and reinforce a culture of prevention and responsibility.

At the opening speech, Gilles Schwoerer, WB3C Director, highlighted fruitful collaboration with ReSPA in building regional capacities in cybersecurity.

Director Handjiska Trendafilova underlined at the opening: “This is more than a training—it's a step toward embedding a proactive cybersecurity culture in public governance across the Western Balkans. I encourage you to make the most of the programme. Engage actively, share your experiences, and build connections. Your contribution is crucial, not only for your institutions but for the region’s collective digital resilience.

During the three intensive days, Arianit Maraj, WB3C Expert unpacked the fundamentals of cybersecurity and the anatomy of modern threats; promoted good cyber hygiene habits and practical defence measures; dived into crisis management and continuity planning; and guided participants through real-life exercises and a self-evaluation session to assess their readiness to train others.

Day 1 – Foundations of Cybersecurity and Threat Awareness

Participants learned about the fundamentals of IT security - core concepts, the importance of awareness, and the overall training objectives. This is followed by detailed sessions on the most common cyber threats faced by public institutions, including malware, phishing, ransomware, and social engineering. Through interactive discussions and expert-led Q&A segments, participants also explored real-world examples of these threats, understood their propagation methods, and discussed strategies for prevention.

Day 2 – Cyber Hygiene Best Practices and Incident Response

Shifting the focus to promoting proactive security behaviours among users, participants delved into the use of strong passwords, two-factor authentication, regular software updates, and the protection of sensitive information through encryption and access management. They also explored more advanced practices such as developing password policies, implementing backup strategies, and managing risks related to social network usage. The day concludes with a session on incident response and business continuity planning—covering how to detect incidents, initiate effective response procedures, and maintain operational integrity during disruptions.

Day 3 – Practical Application and Evaluation

The final day of the training emphasized practical application and evaluation. Participants engaged in hands-on exercises, such as analyzing email headers for suspicious activity and summarizing key lessons from the training. The session helped reinforce critical knowledge while offering techniques for structuring future training delivery. The program concluded with a self-assessment segment ("Test Yourself"), allowing participants to evaluate their understanding and readiness to serve as trainers in their respective institutions.

ReSPA is looking forward to seeing how this community of trainers continues to grow and support cybersecurity across the Western Balkans!